>From: Reindl Harald <h.rei...@thelounge.net> >Sent: Monday, March 6, 2017 5:58 AM >To: David Jones; @; users@spamassassin.apache.org >Subject: Re: New whitelisting trick using from and spf
>Am 06.03.2017 um 12:45 schrieb David Jones: >>> From: @lbutlr <krem...@kreme.com> >>> Sent: Monday, March 6, 2017 5:24 AM >>> To: users@spamassassin.apache.org >>> Subject: Re: New whitelisting trick using from and spf >> >>> On 2017-03-05 (18:59 MST), David Jones <djo...@ena.com> wrote: >>>> >>>> whitelist_auth does this against SPF_PASS and DKIM_VALID_AU >> >>> I tired to do something along these lines at some point in the past by >>> adding some lines to my local.cf like these: >> >>> blacklist_from *@amazon.com >>> whitelist_auth *@amazon.com >>> blacklist_from *@paypal.com >>> whitelist_auth *@paypal.com >> >>> It didn’t have the desired effect and simply blacklisted all PayPal mail. >>> While *I* was ok with blacklisting PayPal, others not so much... >> >> Spam/phishing emails pretending to be from Paypal won't have an >> envelope-from of *@paypal.com which is why you didn't get the >> desired effect. You rarely use the blacklist_from only when there >> is very dumb senders that you want to block >that don't matter - "blacklist_from" also bpocks from-header Good to know but the From: header is not a reliably way to block email unless there is a very dumb/naive sender. >problem is that lines like above also block legit paypal traffic which >has a enevelope outside that domain but get blocked by "blacklist_from" >and "whitelist_auth" won#t trigger as long as you don't add all the >possible underlying envelope-senders (which are in case of newsletters >large, shared senders where you don't want that) >the concept above does not work in real life because it is a very naive >approach by lacking real expierience - took me less than 24 hours to >stop testing that and find out it does more harm than good Like I said, you very rarely should use blacklist_from. RBLs and other DNS checks should take care of most of the need for blacklist_from entries.